---
# Persistent storage for Pleroma media uploads, mounted by the pleroma
# Deployment at /var/lib/pleroma/uploads.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: toots-werts
  name: pleroma-uploads
spec:
  storageClassName: nfs
  # ReadWriteMany allows the volume to be mounted read-write from several
  # nodes at once, so every pod that references this claim can modify the
  # uploaded files.
  # NOTE(review): the Deployment in this file runs one replica with the
  # Recreate strategy; a narrower access mode may be enough if the storage
  # class supports it. Confirm before changing.
  accessModes: [ReadWriteMany]
  resources:
    requests:
      storage: 100Gi
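---
# Pleroma runtime configuration, mounted into the pod as
# /var/lib/pleroma/config.exs.
#
# ConfigMap data is stored and displayed in plain text and is typically
# readable by far more principals than Secret objects, so no credential
# belongs in this document. Secrets are read from environment variables,
# which the Deployment below fills from Secret objects.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: toots-werts
  name: pleroma-config
data:
  config.exs: |
    import Config

    config :pleroma, :instance,
      healthcheck: true

    # NOTE(review): ssl: true encrypts the database connection, but
    # :verify_none accepts any server certificate, so the database peer is
    # not authenticated. Move to :verify_peer with the database CA
    # (cacertfile) once that CA is available inside the pod.
    config :pleroma, Pleroma.Repo,
      adapter: Ecto.Adapters.Postgres,
      ssl: true,
      ssl_opts: [
        verify: :verify_none
      ]

    config :pleroma, Pleroma.Web.Endpoint,
      url: [host: "toots.werts.us", scheme: "https"]

    config :pleroma, Pleroma.Emails.Mailer,
      adapter: Swoosh.Adapters.SMTP,
      enabled: true,
      relay: "smtp.mailgun.org",
      username: "pleroma-admin@strudelline.net",
      # The SMTP password is no longer stored inline; it is read from the
      # SMTP_PASSWORD environment variable, which the Deployment fills from a
      # Secret (same pattern as the Keycloak client credentials below).
      password: System.get_env("SMTP_PASSWORD"),
      port: 465,
      ssl: true,
      tls: :always,
      auth: :always

    config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
      client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
      client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"),
      site: "https://auth.werts.us/",
      authorize_url: "https://auth.werts.us/realms/werts/protocol/openid-connect/auth",
      token_url: "https://auth.werts.us/realms/werts/protocol/openid-connect/token",
      userinfo_url: "https://auth.werts.us/realms/werts/protocol/openid-connect/userinfo",
      token_method: :post

    # NOTE(review): uid_field: :email keys the external identity on the
    # e-mail claim. Confirm the realm only issues verified, non-reusable
    # e-mail addresses; otherwise prefer a stable subject identifier.
    config :ueberauth, Ueberauth,
      providers: [
        keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email, default_scope: "profile"]}
      ]
---
# Single-replica Pleroma workload. All credentials reach the container as
# environment variables sourced from Secret objects; non-sensitive settings
# are given as literal values.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: toots-werts
  name: pleroma
  annotations:
    # Stakater Reloader annotation: value "true" asks it to restart the
    # workload when a referenced ConfigMap or Secret changes.
    "reloader.stakater.com/auto": "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pleroma
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: pleroma
    spec:
      # NOTE(review): no securityContext or resource requests/limits are
      # declared. Consider runAsNonRoot, allowPrivilegeEscalation: false and
      # dropped capabilities after confirming which user the image runs as.
      containers:
        - name: pleroma
          # NOTE(review): "latest-keycloak" is a mutable tag and the pull
          # policy is Always, so any restart may run different image
          # content. Pin the image by digest (name@sha256:<digest>) to make
          # rollouts reproducible and reviewable.
          image: jamesandariese/pleroma:latest-keycloak
          imagePullPolicy: Always
          env:
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  key: user
                  name: pleroma-db-pguser-pleroma-db
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  key: password
                  name: pleroma-db-pguser-pleroma-db
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: pleroma-db-pguser-pleroma-db
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: pleroma-db-pguser-pleroma-db
            - name: KEYCLOAK_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client_id
                  name: toots-oidc
            - name: KEYCLOAK_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: client_secret
                  name: toots-oidc
            # SMTP credential consumed by config.exs via
            # System.get_env("SMTP_PASSWORD").
            # PLACEHOLDER: the Secret "pleroma-smtp" (key "password") is not
            # defined in this file. Create it out-of-band before applying,
            # or point this reference at an existing Secret. The password
            # that used to sit inline in the ConfigMap should be treated as
            # exposed and rotated at the mail provider.
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: pleroma-smtp
            - name: OAUTH_CONSUMER_STRATEGIES
              value: "keycloak:ueberauth_keycloak_strategy"
            - name: INSTANCE_NAME
              value: WerToots
            - name: ADMIN_EMAIL
              value: pleroma-admin@strudelline.net
            - name: NOTIFY_EMAIL
              value: pleroma-admin@strudelline.net
            - name: DOMAIN
              value: toots.werts.us
            # Environment values must be strings, so the port stays quoted.
            - name: PORT
              value: "4000"
          volumeMounts:
            - mountPath: /var/lib/pleroma/uploads
              name: pleroma-uploads
            # subPath mounts only the single config.exs key as a file.
            - mountPath: /var/lib/pleroma/config.exs
              name: pleroma-config
              subPath: config.exs
      volumes:
        - name: pleroma-uploads
          persistentVolumeClaim:
            claimName: pleroma-uploads
        - name: pleroma-config
          configMap:
            name: pleroma-config
            # Leading-zero octal: read-only for owner, group and others.
            defaultMode: 0444
      restartPolicy: Always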
---
# Routes every path of toots.werts.us through the haproxy ingress class to
# port 4000 of the pleroma Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: toots-werts
  name: toots
spec:
  ingressClassName: haproxy
  # NOTE(review): no `tls:` section is declared for this host, while the
  # Pleroma endpoint configuration in this file advertises scheme "https".
  # Confirm where TLS is terminated (controller default certificate or an
  # upstream proxy) and that plain HTTP is redirected.
  rules:
    - host: toots.werts.us
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: pleroma
                port:
                  number: 4000
---
# In-cluster Service in front of the pods labelled app=pleroma, exposing the
# application port 4000 under the name "http".
apiVersion: v1
kind: Service
metadata:
  namespace: toots-werts
  name: pleroma
  labels:
    app: pleroma
spec:
  type: ClusterIP
  # clusterIP None makes this a headless Service: no virtual IP is
  # allocated and clients resolve the pod addresses directly.
  clusterIP: None
  selector:
    app: pleroma
  ports:
    - name: http
      protocol: TCP
      port: 4000
      targetPort: 4000